Security Lead – Risk & Compliance

As the Security Lead – Risk & Compliance, you will play a crucial role in enhancing our organization’s security posture. Join our talented and dynamic Information Security team to lead key programs and initiatives, identifying, managing, and reporting on security and data protection risks affecting the availability, confidentiality, and integrity of Patterson’s information systems, data, and technology assets. This role involves designing, assessing, and supporting security and data protection controls and the associate security programs ensuring compliance with audit and regulatory requirements. Additionally, advocating for security solutions across Security, IT, and Business teams, with the opportunity to mentor and lead associate staff.

At Patterson Companies, we pride ourselves on our strong corporate values, longstanding history, and commitment to growth, all while fostering a respectful and supportive environment for our employees.

Responsibilities:

• Lead the PCI-DSS compliance program, designing, implementing, and evaluating processes to validate and report on readiness.
• Oversee the Third-Party Risk Management program to identify, report, and remediate security and data protection risks impacting technology assets and data throughout the supply chain.
• Partner with various teams to lead assessments, report on remediation, and ensure organizational compliance with audit, regulatory, and compliance obligations.
• Collaborate with cross-functional teams to ensure cohesive security strategies and implementations.
• Identify, evaluate, and report on security and data protection risks, developing and implementing strategies to mitigate identified risks.
• Assist in the implementation and management of the GRC compliance platform, ensuring risk oversight, workflow optimization, and alignment with governance standards. Ability to assist and support implementation and oversight of risk & compliance reporting and dashboards such as through Microsoft Security Compliance.
• Lead targeted initiatives, actively collaborating with IT, business stakeholders, and external vendors to prioritize security risks, recommend mitigations or remediations, and implement security controls.
• Execute and maintain risk methodologies, owning IT risk processes aligned to frameworks such as NIST-CSF and ISO27001, supporting regulatory and compliance requirements like PCI DSS, SOC2, and SOX. 2
• Establish process workflows and lead the design, deployment, integration, and initial configuration of security solutions to enhance GRC processes.
• Manage metrics and reporting for program components within the scope of the role.
• Lead and mentor team members, providing direction to accomplish team objectives effectively.

Minimum Qualifications:

• At least 4 years work experience in information technology, cyber security, audit, compliance, risk, or information security.
• Excellent collaboration and communication skills with ability to communicate risk to a diverse stakeholder group.
• Proficiency in regulatory requirements and compliance standards (e.g. PCI-DSS, HIPAA, GDPR).
• In-depth knowledge of security risk management and compliance frameworks (e.g. NIST-CSF, COSO, ISO27001/2, CSA, etc.).
• Highly organized with attention-to-detail. o Experience in mentoring and/or coaching individuals, projects, or teams.

Preferred Qualifications:

• Familiarity with audit process and frameworks such as SOC2 Type 2 and HITRUST.
• Bachelor’s Degree with an emphasis in security, technology, or engineering.
• Ability to influence and inspire others to adopt security best practices and policies.
• Security industry certification desired.

This role is open to primarily remote work with the requirement to occasionally come into the corporate office in Mendota Heights, MN for team meetings.